https://cybercrime.club/tags/prompt-injection/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usSun, 07 Jun 2026 11:09:26 -0400https://cybercrime.club/posts/claude-code-github-action-bot-bypass-prompt-injection-supply-chain/Sun, 07 Jun 2026 11:09:26 -0400https://cybercrime.club/posts/claude-code-github-action-bot-bypass-prompt-injection-supply-chain/A permission bypass chained with prompt injection in Anthropic's Claude Code GitHub Action let a single crafted issue make the agent leak CI secrets and OIDC request tokens — a clean path to poisoning the action's own supply chain. Patched in v1.0.94.supply-chain